Spyware Warrior Help with Spyware, Hijacking & Other Internet Nuisances
Antioch Junior Member
Joined: 16 Aug 2009 Last Visit: 25 Jun 2012 Posts: 38
Posted: Tue Apr 17, 2012 2:32 am Post subject: SMART HDD
Hi
I am running XP SP3 fully updated as of last 'black Tuesday' April 10.
I last came to you for help in 2009.
Just before I shut down last night, I got a popup showing that a scan had started to fix hard drive problems.
I immediately stopped this and MSE warned that the computer needed to be cleaned. I did this and rebooted as requested.
When windows opened, the desktop was empty.
Start/progs was empty - the only icons showing were MSE and sound manager in the system tray. There was nothing in the quick launch.
At the moment I cannot open any prog or IE8 to download anything.
I can get into Control Panel but there is nothing in the Accessories folder, so cannot try a system restore.
The desktop when opened, is blank but MSE immediately alerts re a nasty and suggests I clean the computer.
As the cleaning is done, up pops the smart hdd to start a scan which I stop.
The MSE log shows the following either removed -
WIN32/FakeSysdef
Exploit Java /CVE-2012-0507.D!ldr
Settings Modifier WIN32/PossibleHostsFileHijack.
So I apologise that I cannot post DDS/Hijack log as per normal.
I have noticed that in Task Manager, IE does not show.
I have done some reading about this in the MS Answer forums but have not been able to try anything suggested due to my system problems.
I hope there is a way/method to still get your help, otherwise it means a complete reinstall.
I look forward to your help.
Rgds
Antioch
Scolabar SWW Honors Graduate

Joined: 24 Aug 2011 Last Visit: 27 Jun 2012 Posts: 105
Posted: Fri Apr 20, 2012 9:59 am
Hi Antioch,
Firstly, welcome to the Spyware Warrior Forum and apologies for the delay in responding to your request for assistance.
My name is Scolabar, and I'll be helping you with your malware problems.
Logs can take a while to research, so please be patient.
If you no longer require help I would be grateful if you would let me know.
Please note the following important guidelines before proceeding:
- The instructions that will be provided are for YOUR computer and system only!
Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
- If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
- Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
- Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
Absence of symptoms does not necessarily mean that everything is clear.
- DO NOT run any other fix or removal tools unless instructed to do so!
- DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
- Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
- Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
- Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Please Note: If you haven't done so already, please read this topic Help with Spyware Removal Forum Guidelines (PLEASE READ) where the conditions for receiving help here are explained.
Quote:
Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose at your earliest opportunity.
If you follow these guidelines, things should proceed smoothly.
Step 1:
Boot Into Safe Mode
Make sure you have downloaded anything you need. Print these instructions as well, as you will not have Internet access!
- Restart your computer.
- Continually click on the F8 key (usually) as your computer is booting until the boot menu appears.
The key used for your computer may be different. F8 is commonly the key used.
- Use up-arrow key to select Safe Mode with Networking and click Enter.
If you have a multiple boot system (more than one operating system (OS) installed) or you have Recovery Console installed you will be shown the multi boot screen.
- Highlight the OS you want to start.
- Click Enter.
- As the system starts the screen will display various files/drivers being loaded. Windows will load your desktop.
- Reply Yes to the Safe Mode startup, if prompted.
Step 2:
Download Tools
Please download the following tools and save them to your Desktop:
**IMPORTANT**: As soon as you have downloaded the tools please physically disconnect your computer from the Internet.
OTL by Old Timer.
Rootkit UnHooker.
Step 3:
Backup Your Data
If possible, take the opportunity to backup your data now.
Step 4:
OTL - Scan
- Please download OTL by Old Timer. Save it to your Desktop.
- Double-click on OTL.exe, which you should have saved to your Desktop earlier, to run the program.
Note: If your operating system is Windows 7 or Vista: Right-click on OTL.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
- Under Output, ensure that the Standard Output option is selected.
- Under the Extra Registry section, select the Use SafeList option.
- Click the Scan All Users checkbox.
- Tick the LOP Check and Purity Check checkboxes.
- If your operating system is 64-bit:
also make sure the Include 64bit Scans checkbox is ticked.
Note: Please leave the remaining selections on the default settings.
- Click on the Run Scan button in the top left-hand corner of the program window.
- When done, two Notepad files will automatically open:
- OTL.txt <-- Will be opened, maximized.
- Extras.txt <-- Will be minimized on task bar.
- Please Copy and Paste the entire contents of both OTL.txt and Extras.txt files into your next reply.
Step 5:
Rootkit UnHooker (RkU)
Please Note: The resulting log file for this tool can be very long. You may need to post it separately.
- Please download Rootkit UnHooker. Save it to your Desktop.
- Double-click on the RKUnhookerLE.exe icon to run the program.
Note: If your operating system is Windows 7 or Vista: Right-click on RKUnhookerLE.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
- Click the Report tab, then click Scan.
- Check the Drivers, Stealth Code, Files and Code Hooks options.
- Uncheck the rest of the options. Then click on the OK button. (See the image below for reference.)
The scanning will toggle through the Checked items "tabs". This can take a while, so please be patient.
- When the scanner is finished, select File > Save Report.
- Save the file Report.txt to your Desktop.
- Click on the Close button and then click the Yes button to confirm.
- Copy and Paste the entire contents of the Report.txt file into your next reply.
Step 6:
Include in Next Post
- Did you have any problems carrying out the instructions?
- OTL.txt.
- Extras.txt.
- Report.txt.
- Do you have the original Windows installation media for your PC?
Scolabar
No Reply Within 3 Days Will Result In Your Topic Being Closed
_________________
Malware Removal University - You too could train to help others
Member of ASAP and UNITE
Antioch Junior Member
Joined: 16 Aug 2009 Last Visit: 25 Jun 2012 Posts: 38
Posted: Fri Apr 20, 2012 5:30 pm Post subject: SMART HDD
Good morning Scolabar,
Thanks for your greetings.
It is 2.25pm GMT my end so it looks as if I will be following your instructions with a time difference between us.
I have had a glance through your reply and had already read the guidance instructions.
If I may I will pick up on this later today and hope to have some feedback the next time you are online.
I am off to bed having been out this evening.
Rgds
Antioch.

Antioch Junior Member
Joined: 16 Aug 2009 Last Visit: 25 Jun 2012 Posts: 38
Posted: Sat Apr 21, 2012 3:14 am Post subject: Smart HDD
Hello Scolabar
In safe mode I have no desktop icons nor anything showing in Start/All Programmes so could not get IE, but I remembered a little tip and got into IE via the Help and Support pages of Microsoft through control panel/add remove, where I was able to search for this forum and get the link to OTL.
As luck would have it, I had backed up all personal files and email two days before - I learnt that from the last time.
I will do the RkU and post separately as suggested.
Below are the Notepad files from OTL - no problems encountered except the dll of OTL and the two Notepad files do not show on the desktop.
OTL logfile created on: 21/04/2012 11:48:53 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Richard Administrato\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1023.17 Mb Total Physical Memory | 655.85 Mb Available Physical Memory | 64.10% Memory free
2.41 Gb Paging File | 2.15 Gb Available in Paging File | 89.26% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 420.74 Gb Free Space | 90.33% Space Free | Partition Type: NTFS
Computer Name: RICHARD | User Name: Richard Administrato | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/04/21 11:46:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard Administrato\Desktop\OTL.exe
PRC - [2011/04/27 15:39:26 | 000,228,520 | -H-- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/14 14:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe -- (NielsenUpdate)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/15 14:45:55 | 000,253,088 | -H-- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/04/27 15:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/13 20:02:44 | 000,399,872 | -H-- | M] (Windows (R) Codename Longhorn DDK provider) [Auto | Stopped] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2010/06/23 11:41:28 | 000,167,936 | -H-- | M] () [Auto | Stopped] -- C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe -- (WDCS_WNDA3200)
SRV - [2010/03/04 23:38:00 | 000,071,096 | -H-- | M] () [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/11/05 16:08:36 | 000,360,529 | -H-- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNDA3200\jswpsapi.exe -- (jswpsapi)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Stopped] -- C:\windows\system32\drivers\wvmkpjtg.sys -- (wvmkpjtg)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Video3D32.sys -- (Video3D)
DRV - File not found [Kernel | System | Stopped] -- C:\windows\system32\drivers\qisgjdvk.sys -- (qisgjdvk)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\nielprt.sys -- (nielprt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nielgfx.sys -- (NielGfx)
DRV - File not found [Kernel | System | Stopped] -- C:\windows\system32\drivers\ncviiuch.sys -- (ncviiuch)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cesvizww.sys -- (cesvizww)
DRV - [2012/04/21 11:39:27 | 000,035,712 | ---- | M] () [Kernel | Boot | Unknown] -- C:\windows\System32\drivers\BlackBox.sys -- (BlackBox)
DRV - [2010/10/04 17:57:20 | 000,015,360 | -H-- | M] (The Nielsen Company) [Kernel | System | Running] -- C:\windows\System32\drivers\nnrnstdi.sys -- (nnrnstdi)
DRV - [2010/10/04 17:57:16 | 000,010,368 | -H-- | M] (The Nielsen Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\km_filter.sys -- (km_filter)
DRV - [2010/10/01 12:15:00 | 001,759,584 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2009/11/12 14:48:56 | 000,005,504 | -H-- | M] () [File_System | Auto | Stopped] -- C:\windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/02/17 19:22:56 | 000,012,416 | -H-- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2008/10/28 19:27:10 | 000,017,664 | -H-- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2008/09/25 19:07:18 | 000,057,440 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2007/12/06 10:51:00 | 000,285,952 | -H-- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/09/24 14:28:46 | 000,005,248 | -H-- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/04/25 09:34:52 | 002,937,344 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/13 03:56:20 | 000,005,810 | RH-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/08/17 14:02:56 | 000,003,968 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWUSBFLT.SYS -- (SWUSBFLT)
DRV - [2001/08/17 14:02:50 | 000,002,688 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)
DRV - [1996/04/03 20:33:26 | 000,005,248 | -H-- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-527237240-602609370-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-527237240-602609370-682003330-1004\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-527237240-602609370-682003330-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-527237240-602609370-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-527237240-602609370-682003330-1004\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-527237240-602609370-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/15 23:55:47 | 000,000,000 | -H-D | M]
[2012/03/02 22:56:23 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Richard Administrato\Application Data\Mozilla\Extensions
O1 HOSTS File: ([2012/04/16 20:05:33 | 000,000,855 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll File not found
O2 - BHO: (no name) - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-527237240-602609370-682003330-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-527237240-602609370-682003330-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Alcmtr] C:\windows\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [dplaysvr] C:\Documents and Settings\Richard Administrato\Application Data\dplaysvr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EPSON Stylus DX4000 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SideWinderTrayV4] C:\Program Files\Microsoft Hardware\Game Controllers\Common\SWTrayV4.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-527237240-602609370-682003330-1004..\Run: [dplaysvr] C:\Documents and Settings\Richard Administrato\Application Data\dplaysvr.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-602609370-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-527237240-602609370-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-602609370-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O15 - HKU\S-1-5-21-527237240-602609370-682003330-1004\..Trusted Domains: uttlesford.gov.uk ([www] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1293618189296 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} file:///D:/system/intralaunch.CAB (IntraLaunch.MainControl)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/29 00:01:02 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2a1860a8-ad66-11e0-b5b6-0013d4c3a2b0}\Shell - "" = AutoRun
O33 - MountPoints2\{2a1860a8-ad66-11e0-b5b6-0013d4c3a2b0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a1860a8-ad66-11e0-b5b6-0013d4c3a2b0}\Shell\AutoRun\command - "" = E:\AutoInst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/04/21 11:46:18 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richard Administrato\Desktop\OTL.exe
[2012/04/18 12:46:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Richard Administrato\Recent
[2012/04/18 12:41:12 | 000,042,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\hfpxywkk.sys
[2012/04/16 22:36:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Richard Administrato\Start Menu\Programs\SMART HDD
[2012/04/16 21:16:13 | 000,102,952 | -HS- | C] (Microsoft Corporation) -- C:\Documents and Settings\Richard Administrato\Application Data\dplaysvr.exe
[2012/04/16 14:42:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Richard Administrato\Application Data\RealNetworks
[2012/04/12 13:37:24 | 000,148,480 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\imagehlp.dll
[2012/04/12 01:41:25 | 015,659,960 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\Richard Administrato\Desktop\Windows-KB890830-V4.7.exe
[2012/03/31 21:12:24 | 000,418,464 | -H-- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/03/27 20:45:54 | 000,000,000 | -H-D | C] -- C:\Program Files\UPHClean
[5 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Documents and Settings\Richard Administrato\*.tmp files -> C:\Documents and Settings\Richard Administrato\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/04/21 11:46:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard Administrato\Desktop\OTL.exe
[2012/04/21 11:39:27 | 000,035,712 | ---- | M] () -- C:\windows\System32\drivers\BlackBox.sys
[2012/04/21 11:01:51 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2012/04/21 10:59:16 | 000,000,316 | ---- | M] () -- C:\windows\tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-602609370-682003330-1004.job
[2012/04/21 10:59:16 | 000,000,308 | ---- | M] () -- C:\windows\tasks\RealUpgradeLogonTaskS-1-5-21-527237240-602609370-682003330-1004.job
[2012/04/21 10:58:34 | 000,000,910 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/21 10:56:07 | 000,000,664 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2012/04/21 10:44:06 | 000,013,646 | -H-- | M] () -- C:\windows\System32\wpa.dbl
[2012/04/18 12:41:12 | 000,042,960 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\hfpxywkk.sys
[2012/04/18 12:24:14 | 000,000,914 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/16 23:06:16 | 000,000,830 | -H-- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/04/16 22:43:31 | 000,000,847 | -H-- | M] () -- C:\Documents and Settings\Richard Administrato\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/16 22:36:45 | 000,000,168 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-0hmH552dWwkvWdr
[2012/04/16 22:36:45 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-0hmH552dWwkvWd
[2012/04/16 22:36:42 | 000,000,256 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\0hmH552dWwkvWd
[2012/04/16 21:19:44 | 000,049,664 | -H-- | M] () -- C:\Documents and Settings\Richard Administrato\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/16 20:05:49 | 000,102,952 | -HS- | M] (Microsoft Corporation) -- C:\Documents and Settings\Richard Administrato\Application Data\dplaysvr.exe
[2012/04/16 20:05:33 | 000,000,855 | RH-- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/04/15 14:45:55 | 000,418,464 | -H-- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/04/15 14:45:54 | 000,070,304 | -H-- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/04/12 13:34:03 | 000,514,680 | -H-- | M] () -- C:\windows\System32\perfh009.dat
[2012/04/12 13:34:03 | 000,091,212 | -H-- | M] () -- C:\windows\System32\perfc009.dat
[2012/04/12 13:28:31 | 000,001,374 | -H-- | M] () -- C:\windows\imsins.BAK
[2012/04/12 01:41:35 | 015,659,960 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\Richard Administrato\Desktop\Windows-KB890830-V4.7.exe
[2012/04/04 15:56:40 | 000,022,344 | -H-- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[5 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Documents and Settings\Richard Administrato\*.tmp files -> C:\Documents and Settings\Richard Administrato\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/04/21 11:39:27 | 000,035,712 | ---- | C] () -- C:\windows\System32\drivers\BlackBox.sys
[2012/04/17 15:23:05 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2012/04/16 22:43:31 | 000,000,847 | -H-- | C] () -- C:\Documents and Settings\Richard Administrato\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/16 22:36:45 | 000,000,168 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-0hmH552dWwkvWdr
[2012/04/16 22:36:45 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-0hmH552dWwkvWd
[2012/04/16 22:36:39 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\0hmH552dWwkvWd
[2012/03/31 21:12:25 | 000,000,830 | -H-- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/02/29 23:41:38 | 000,005,504 | -H-- | C] () -- C:\windows\System32\drivers\StarOpen.sys
[2012/02/17 15:22:06 | 000,003,072 | -H-- | C] () -- C:\windows\System32\iacenc.dll
[2012/02/13 03:39:17 | 000,049,664 | -H-- | C] () -- C:\Documents and Settings\Richard Administrato\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/10 16:37:41 | 000,262,144 | -H-- | C] () -- C:\windows\System32\default_user_class.dat
[2011/06/24 19:41:28 | 000,165,376 | -H-- | C] () -- C:\windows\System32\unrar.dll
[2011/01/08 14:07:35 | 000,257,584 | -H-- | C] () -- C:\windows\System32\nvdrsdb0.bin
[2011/01/08 14:07:32 | 000,257,584 | -H-- | C] () -- C:\windows\System32\nvdrsdb1.bin
[2011/01/08 14:07:32 | 000,000,001 | -H-- | C] () -- C:\windows\System32\nvdrssel.bin
[2011/01/08 14:07:24 | 002,294,198 | -H-- | C] () -- C:\windows\System32\nvdata.bin
[2010/12/29 15:39:30 | 000,000,000 | -H-- | C] () -- C:\windows\TSTW311.INI
[2010/12/29 00:49:31 | 000,111,932 | -H-- | C] () -- C:\windows\System32\EPPICPrinterDB.dat
[2010/12/29 00:49:31 | 000,031,053 | -H-- | C] () -- C:\windows\System32\EPPICPattern131.dat
[2010/12/29 00:49:31 | 000,027,417 | -H-- | C] () -- C:\windows\System32\EPPICPattern121.dat
[2010/12/29 00:49:31 | 000,026,154 | -H-- | C] () -- C:\windows\System32\EPPICPattern1.dat
[2010/12/29 00:49:31 | 000,024,903 | -H-- | C] () -- C:\windows\System32\EPPICPattern3.dat
[2010/12/29 00:49:31 | 000,021,390 | -H-- | C] () -- C:\windows\System32\EPPICPattern5.dat
[2010/12/29 00:49:31 | 000,020,148 | -H-- | C] () -- C:\windows\System32\EPPICPattern2.dat
[2010/12/29 00:49:31 | 000,011,811 | -H-- | C] () -- C:\windows\System32\EPPICPattern4.dat
[2010/12/29 00:49:31 | 000,004,943 | -H-- | C] () -- C:\windows\System32\EPPICPattern6.dat
[2010/12/29 00:49:31 | 000,001,146 | -H-- | C] () -- C:\windows\System32\EPPICPresetData_DU.dat
[2010/12/29 00:49:31 | 000,001,139 | -H-- | C] () -- C:\windows\System32\EPPICPresetData_PT.dat
[2010/12/29 00:49:31 | 000,001,139 | -H-- | C] () -- C:\windows\System32\EPPICPresetData_BP.dat
[2010/12/29 00:49:31 | 000,001,136 | -H-- | C] () -- C:\windows\System32\EPPICPresetData_ES.dat
[2010/12/29 00:49:31 | 000,001,129 | -H-- | C] () -- C:\windows\System32\EPPICPresetData_FR.dat
[2010/12/29 00:49:31 | 000,001,129 | -H-- | C] () -- C:\windows\System32\EPPICPresetData_CF.dat
[2010/12/29 00:49:31 | 000,001,120 | -H-- | C] () -- C:\windows\System32\EPPICPresetData_IT.dat
[2010/12/29 00:49:31 | 000,001,107 | -H-- | C] () -- C:\windows\System32\EPPICPresetData_GE.dat
[2010/12/29 00:49:31 | 000,001,104 | -H-- | C] () -- C:\windows\System32\EPPICPresetData_EN.dat
[2010/12/29 00:49:31 | 000,000,097 | -H-- | C] () -- C:\windows\System32\PICSDK.ini
[2010/12/29 00:42:35 | 000,156,672 | -H-- | C] () -- C:\windows\System32\RTLCPAPI.dll
[2010/12/29 00:42:35 | 000,040,960 | -H-- | C] () -- C:\windows\System32\ChCfg.exe
[2010/12/29 00:42:29 | 000,000,027 | -H-- | C] () -- C:\windows\CDE DX4000DEFGIPS.ini
[2010/12/29 00:38:52 | 000,005,810 | RH-- | C] () -- C:\windows\System32\drivers\ASACPI.sys
[2010/12/29 00:38:51 | 000,024,826 | -H-- | C] () -- C:\windows\Ascd_tmp.ini
[2010/12/29 00:38:43 | 000,005,824 | -H-- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010/12/29 00:02:40 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2010/12/28 23:58:32 | 000,021,640 | -H-- | C] () -- C:\windows\System32\emptyregdb.dat
[2010/12/28 23:30:51 | 000,000,376 | -H-- | C] () -- C:\windows\ODBC.INI
[2010/12/28 15:46:53 | 000,004,161 | -H-- | C] () -- C:\windows\ODBCINST.INI
[2010/12/28 15:45:17 | 000,255,864 | -H-- | C] () -- C:\windows\System32\FNTCACHE.DAT
========== LOP Check ==========
[2012/02/29 23:42:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/12/28 23:39:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2012/04/02 15:11:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/29 00:54:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2012/02/29 23:42:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Richard Administrato\Application Data\Canneverbe Limited
[2011/08/06 13:35:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Richard Administrato\Application Data\DDMSettings
[2010/12/31 17:26:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Richard Administrato\Application Data\Foxit Software
[2011/01/03 15:27:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Richard Administrato\Application Data\Windows Desktop Search
[2011/01/03 15:27:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Richard Administrato\Application Data\Windows Search
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 630 bytes -> C:\windows\System32\drivers\hfpxywkk.sys:changelist
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
OTL Extras logfile created on: 21/04/2012 11:48:53 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Richard Administrato\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1023.17 Mb Total Physical Memory | 655.85 Mb Available Physical Memory | 64.10% Memory free
2.41 Gb Paging File | 2.15 Gb Available in Paging File | 89.26% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 420.74 Gb Free Space | 90.33% Space Free | Partition Type: NTFS
Computer Name: RICHARD | User Name: Richard Administrato | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\Program Files\1ClickDownload\1ClickDownload.exe" = C:\Program Files\1ClickDownload\1ClickDownload.exe:*:Disabled:1ClickDownload
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A1FA4C1-2701-401C-8CE1-FDDE45304FF5}" = ASUS nVidia Driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{287EAC0F-6C96-4712-97A6-958510872CBB}" = Utility
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D654496-9C3D-4565-858C-3E551ECDA4E2}" = Virtual Cable Tester
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57AD3417-E56A-4806-850E-97C0456FC992}" = The Sum of All Fears Demo
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63934E99-A4F7-478C-8BB0-259BB9D78FFF}" = Microsoft Report Viewer Redistributable 2005
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7D15B945-2725-4443-AB3F-D900556612FE}" = User Profile Hive Cleanup Service
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B02F55E-7E6B-4226-8E67-76514D33FD41}_is1" = NETGEAR WNDA3200 wireless adapter Setup
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3DEE8B9-2585-46F8-A490-5334BCABECA8}" = Ghost Recon Demo
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Crossword Compiler" = Crossword Compiler
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESDX4000_4050_CX3900" = ESDX4000_4050_CX3900
"Flight Simulator 8.0" = Microsoft Flight Simulator 2002
"Foxit Reader" = Foxit Reader
"Gadwin PrintScreen" = Gadwin PrintScreen
"ie8" = Windows Internet Explorer 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Microsoft Security Client" = Microsoft Security Essentials
"MSNINST" = MSN
"MyConnection PC Lite Edition" = MyConnection PC Lite Edition
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"RealPlayer 15.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.93
"SideWinder Force Feedback 2" = SideWinder Force Feedback 2
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.6
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"xvid" = XviD MPEG-4 Video Codec
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-527237240-602609370-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 17/04/2012 04:54:23 | Computer Name = RICHARD | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\RICHARD ADMINISTRATO\RECENT\DESKTOP.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)
Error - 17/04/2012 04:56:23 | Computer Name = RICHARD | Source = Application Hang | ID = 1002
Description = Hanging application 0hmH552dWwkvWd.exe, version 19.3.4.4, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 17/04/2012 10:17:25 | Computer Name = RICHARD | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\RICHARD ADMINISTRATO\RECENT\DESKTOP.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)
Error - 18/04/2012 07:26:35 | Computer Name = RICHARD | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\RICHARD ADMINISTRATO\RECENT\DESKTOP.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)
Error - 18/04/2012 07:26:37 | Computer Name = RICHARD | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.8202.0, P3 1.123.1869.0, P4 1.123.1869.0, P5 trojan_win32_fakesysdef, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 18/04/2012 07:33:00 | Computer Name = RICHARD | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\RICHARD ADMINISTRATO\RECENT\DESKTOP.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)
Error - 18/04/2012 07:41:25 | Computer Name = RICHARD | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.8202.0, P3 1.123.1869.0, P4 1.123.1869.0, P5 trojan_win32_fakesysdef, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 18/04/2012 07:47:15 | Computer Name = RICHARD | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\RICHARD ADMINISTRATO\RECENT\DESKTOP.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)
Error - 21/04/2012 05:54:18 | Computer Name = RICHARD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.
Error - 21/04/2012 06:12:07 | Computer Name = RICHARD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.
[ System Events ]
Error - 21/04/2012 05:54:18 | Computer Name = RICHARD | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.2021.0 Update Source: %%859 Update Stage: %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
Error - 21/04/2012 05:56:23 | Computer Name = RICHARD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 21/04/2012 06:02:21 | Computer Name = RICHARD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 21/04/2012 06:03:38 | Computer Name = RICHARD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter
Error - 21/04/2012 06:05:36 | Computer Name = RICHARD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 21/04/2012 06:12:07 | Computer Name = RICHARD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 21/04/2012 06:12:07 | Computer Name = RICHARD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 21/04/2012 06:12:07 | Computer Name = RICHARD | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.2021.0 Update Source: %%859 Update Stage: %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
Error - 21/04/2012 06:22:40 | Computer Name = RICHARD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 21/04/2012 06:28:05 | Computer Name = RICHARD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
< End of report >
I am now going to do the RkU and post separately as suggested.
Rgds
Antioch
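The OTL log above is read by eye: a hosts file with a fresh modification time and RH attributes, a Microsoft-branded dplaysvr.exe sitting hidden in a user's Application Data rather than in System32, extension-less random-named files in All Users\Application Data (the same 0hmH552dWwkvWd name the Application Hang event records as a running .exe), an alternate data stream hanging off a driver, and the shell\open commands for exefile, batfile and friends. As an added example that is not part of this thread, of OTL, or of Spyware Warrior's procedures, the Python below parses entries in OTL's line format and applies those checks mechanically. The sample lines are constructed from the log above; the hijacked batfile line is invented to exercise the shell check and did not appear in the poster's log. The heuristics (random-name test, "vendor binary outside the Windows directory", ADS-on-executable) are the editor's assumptions, will throw false positives, and only point a reviewer at lines worth a closer look.

```python
"""Triage of OTL-style log lines for the indicator patterns seen in this thread.

Added example, not part of the original post or of OTL itself. The regexes
assume OTL's line layout as shown in the log above; the heuristics are the
editor's own rules of thumb, not OTL or Spyware Warrior policy.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input (assumption): entries in OTL's format, modelled on the
# log above. The hijacked "batfile" line is invented to exercise the shell check;
# nothing like it appeared in the poster's log.
SAMPLE_LOG = r"""
[2012/04/16 20:05:49 | 000,102,952 | -HS- | M] (Microsoft Corporation) -- C:\Documents and Settings\Richard Administrato\Application Data\dplaysvr.exe
[2012/04/16 20:05:33 | 000,000,855 | RH-- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/04/15 14:45:55 | 000,418,464 | -H-- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/04/16 22:36:45 | 000,000,168 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-0hmH552dWwkvWdr
[2012/04/16 22:36:39 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\0hmH552dWwkvWd
[2012/04/21 11:39:27 | 000,035,712 | ---- | C] () -- C:\windows\System32\drivers\BlackBox.sys
@Alternate Data Stream - 630 bytes -> C:\windows\System32\drivers\hfpxywkk.sys:changelist
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
exefile [open] -- "%1" %*
batfile [open] -- "C:\Documents and Settings\All Users\Application Data\0hmH552dWwkvWd.exe" -a "%1" %*
"""

# [date time | size | attrs | M/C] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# @Alternate Data Stream - N bytes -> path:stream   (lazy path so the drive colon is kept)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?):(?P<stream>[^:\\]+)$")
# class [verb] -- command   (the "Shell Spawning" section)
SHELL_RE = re.compile(r"^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.+)$")

# XP defaults for the launch verbs a fake-AV/FakeSysdef style infection likes to hijack.
EXPECTED_SHELL = {(c, "open"): '"%1" %*' for c in ("exefile", "batfile", "cmdfile", "comfile", "piffile")}
BINARY_EXT = (".exe", ".dll", ".sys", ".scr")


@dataclass
class Finding:
    rule: str
    path: str
    detail: str


def looks_random(name: str) -> bool:
    """Heuristic (assumption): extension-less, >= 10 chars, mixes digits with upper and lower case."""
    core = name.lstrip("-_")
    if "." in core or len(core) < 10:
        return False
    return (any(c.isdigit() for c in core) and any(c.islower() for c in core)
            and any(c.isupper() for c in core))


def check_file(e: Dict[str, str]) -> List[Finding]:
    """Apply the file-entry rules to one parsed OTL line."""
    path, low = e["path"], e["path"].lower()
    name = path.rsplit("\\", 1)[-1]
    in_profile = "\\application data\\" in low and not low.startswith("c:\\windows\\")
    out: List[Finding] = []
    if low.endswith("\\drivers\\etc\\hosts"):
        out.append(Finding("hosts_modified", path, f"{e['kind']} {e['ts']} attrs={e['attrs']}"))
    if in_profile and low.endswith(BINARY_EXT) and "microsoft" in e["company"].lower():
        out.append(Finding("vendor_binary_outside_system_dir", path, f"company={e['company']} attrs={e['attrs']}"))
    if in_profile and looks_random(name):
        out.append(Finding("random_name_in_appdata", path, f"{e['size']} bytes, {e['kind']} {e['ts']}"))
    return out


def triage(log_text: str) -> List[Finding]:
    """Walk the log once; each line is a file entry, an ADS entry, a shell-spawn entry, or ignored."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m_file = FILE_RE.match(line)
        m_ads = ADS_RE.match(line)
        m_shell = SHELL_RE.match(line)
        if m_file:
            findings.extend(check_file(m_file.groupdict()))
        elif m_ads:
            if m_ads.group("path").lower().endswith(BINARY_EXT):
                findings.append(Finding("ads_on_executable",
                                        f"{m_ads.group('path')}:{m_ads.group('stream')}",
                                        f"{m_ads.group('size')} bytes"))
        elif m_shell:
            key = (m_shell.group("cls"), m_shell.group("verb"))
            if key in EXPECTED_SHELL and m_shell.group("cmd") != EXPECTED_SHELL[key]:
                findings.append(Finding("shell_spawn_hijacked", f"{key[0]} [{key[1]}]", m_shell.group("cmd")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:34} {f.path}  ({f.detail})")
```

To use it on a real log, read the saved OTL.Txt and pass its contents to triage(). Note what the rules deliberately do not flag in the sample: FlashPlayerApp.exe (vendor binary in the right place), the TEMP:5C321E34 stream (an ADS on a folder, not on an executable) and BlackBox.sys (has an extension, lives under Windows). Whether a flagged line is actually malicious remains the helper's call; the script only shortens the list to read.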
Antioch Junior Member
Joined: 16 Aug 2009 Last Visit: 25 Jun 2012 Posts: 38
Posted: Sat Apr 21, 2012 3:35 am Post subject: SMART HDD
Hi Scolabar
I have tried the Rootkit Unhooker - it saves to the desktop folder where the other files are, but it will not open with a double left click or left click 'open'.
I get an error box saying 'Error loading/opening driver'.
I have tried three times - same each time.
Rgds
Antioch
Scolabar SWW Honors Graduate
Joined: 24 Aug 2011 Last Visit: 27 Jun 2012 Posts: 105
Posted: Sun Apr 22, 2012 12:35 am
Hi Antioch,
Thank you for the logs and feedback.
Antioch wrote:
As luck would have it, I had backed up all personal files and email two days before - I learnt that from the last time.
That's good to hear.
Antioch wrote:
I have tried the Rootkit Unhooker - it saves to the desktop folder where the other files are, but it will not open with a double left click or left click 'open'.
I get an error box saying 'Error loading/opening driver'.
I have tried three times - same each time.
OK. We'll try another option.
Please can you confirm whether or not you have the original Windows installation media for your PC?
Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.
Before proceeding please make sure any open programs are closed.
Step 1:
Business Use Computer?
Entries in the log you have provided lead me to believe that this computer may be used for business purposes.
Please could you confirm whether or not this is the case? If not, please proceed with Step 2 and clarify for what purposes this computer is used in your next post.
Step 2:
TDSSKiller - Scan
- Please download TDSSKiller.exe by Kaspersky and save it to your Desktop. <-- Important!!!
- Double-click on TDSSKiller.exe to launch it.
If TDSSKiller does not run, try renaming the program file. Right-click on TDSSKiller.exe, select the Rename option and give the program a random name with the .com file extension (e.g. ektfhtw.com).
If you cannot see file extensions, please refer to: How to change the file extension.
- Click the Start Scan button. Do not use the computer during the scan!
- When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip.
- Now click on Report to open the log file created by TDSSKiller.
- The log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt is created and saved to the root directory. (Usually C: drive).
- Copy and Paste the entire contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt file into your next reply.
PLEASE DO NOT TRY TO FIX ANYTHING AT THIS STAGE.
Step 3:
Security Check
- Please download Security Check by screen317 and Save it to your Desktop.
Alternate download site: Link 2
- Double-click on the SecurityCheck.exe icon to run the program.
- Press the Space Bar when you see the Press any key to continue... message.
Please Note: This scan will take a short while to complete, so please be patient.
- When the scan has completed, a Notepad file will automatically open called checkup.txt.
- Save the file checkup.txt to your Desktop.
Please Note: This output file is NOT automatically saved!
- Then Copy and Paste the entire contents of the checkup.txt file into your next reply.
Step 4:
Include in Next Post
- Did you have any problems carrying out the instructions?
- TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt.
- SecurityCheck.exe.
- Do you have the original Windows installation media for your PC?
Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
_________________
Malware Removal University - You too could train to help others
Member of ASAP and UNITE
Antioch Junior Member
Joined: 16 Aug 2009 Last Visit: 25 Jun 2012 Posts: 38
Posted: Sun Apr 22, 2012 5:06 am Post subject: SMART HDD
Hi Scolabar
To update you before I take the next steps -
I have my XP and SP2 discs.
My computer is not being, nor has been, used for 'business' - i.e. it has never been connected to a company server. The one I am using has, funnily enough.
I play Flight Sims and surf news sites worldwide [a bit risky, I know].
I also survey web sites and report on them [this may have indicated what you could consider 'business' use].
Re the rootkit unhooker - would it be wise to download it and burn it onto disc and see if it will open and run from there?
I think I will wait for your reply to my update rather than cause any further problems.
Rgds
Antioch
Antioch Junior Member
Joined: 16 Aug 2009 Last Visit: 25 Jun 2012 Posts: 38
Posted: Sun Apr 22, 2012 5:36 am Post subject: SMART HDD
Just a quickie - I just realised that when I tried to download and open the 'rootkit' I think I may have signed in as User and not Administrator, because I have just logged on in safe mode and the software was on the desktop - double click and no error - and it runs.
I will do a run and post results.
Rgds
Antioch
Antioch Junior Member
Joined: 16 Aug 2009 Last Visit: 25 Jun 2012 Posts: 38
Posted: Sun Apr 22, 2012 6:03 am Post subject: SMART HDD
Hi Scolabar
Below is the saved report from running the Rootkit -
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0x804D7000 C:\windows\system32\ntoskrnl.exe 2265088 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2265088 bytes
0x804D7000 RAW 2265088 bytes
0x804D7000 WMIxWDM 2265088 bytes
0xBF800000 Win32k 1863680 bytes
0xBF800000 C:\windows\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF732E000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF7453000 wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0xF6EC9000 C:\windows\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF70C4000 C:\windows\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF6FFC000 C:\windows\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF58A7000 C:\windows\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBD012000 C:\windows\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF7231000 C:\windows\system32\DRIVERS\yk51x86.sys 286720 bytes (Marvell, Miniport Driver for Marvell Yukon Ethernet Controller.)
0xF74E0000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF7301000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF6F39000 C:\windows\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF7277000 C:\windows\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xF6F86000 C:\windows\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF6FAE000 C:\windows\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF5793000 C:\windows\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF720D000 C:\windows\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF71EA000 C:\windows\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF6F64000 C:\windows\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80700000 ACPI_HAL 134400 bytes
0x80700000 C:\windows\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF73E4000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7434000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF72E7000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF741C000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF6EB1000 C:\windows\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7404000 C:\windows\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF73BB000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF71D3000 C:\windows\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF7088000 C:\windows\System32\drivers\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF7055000 C:\windows\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\windows\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF73D2000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF74CF000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF71C2000 C:\windows\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF76FF000 C:\windows\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF760F000 C:\windows\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF762F000 C:\windows\system32\DRIVERS\jswscimd.sys 61440 bytes (Atheros Communications, Inc., Wireless Intermediate Miniport Driver)
0xF761F000 C:\windows\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF769F000 C:\windows\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF758F000 C:\windows\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF75EF000 C:\windows\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF763F000 C:\windows\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF756F000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF754F000 C:\windows\System32\Drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xF765F000 C:\windows\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF75FF000 C:\windows\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF755F000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF764F000 C:\windows\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF753F000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF768F000 C:\windows\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF759F000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF767F000 C:\windows\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF752F000 BlackBox.sys 36864 bytes (RKU Driver)
0xF757F000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF76EF000 C:\windows\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF766F000 C:\windows\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF76BF000 C:\windows\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF78E7000 C:\windows\System32\Drivers\nnrnstdi.SYS 32768 bytes (The Nielsen Company, NNRNSTDI helper driver)
0xF78D7000 C:\windows\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF781F000 C:\windows\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7907000 C:\windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF77AF000 C:\windows\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF77BF000 iteatapi.sys 24576 bytes (Integrated Technology Express, Inc., ITE IT8211 ATA/ATAPI SCSI miniport)
0xF782F000 C:\windows\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7887000 C:\windows\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF780F000 C:\windows\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF78B7000 C:\windows\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF789F000 C:\windows\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF78C7000 C:\windows\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF77B7000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF786F000 C:\windows\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF787F000 C:\windows\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF785F000 C:\windows\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF792F000 C:\windows\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF79E7000 C:\windows\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF6BB1000 C:\windows\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF793F000 C:\windows\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF70A8000 C:\windows\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBFF50000 C:\windows\System32\framebuf.dll 12288 bytes (Microsoft Corporation, Framebuffer Display Driver)
0xF729F000 C:\windows\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF79D3000 C:\windows\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF79D7000 C:\windows\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7A1F000 C:\windows\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7A2F000 00000042 8192 bytes
0xF7A37000 C:\windows\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
0xF7A4B000 C:\windows\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7A59000 C:\windows\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7A47000 C:\windows\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A2F000 C:\windows\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7A4F000 C:\windows\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7A33000 speedfan.sys 8192 bytes
0xF7A3D000 C:\windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7A43000 C:\windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A31000 C:\windows\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7B72000 C:\windows\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7AF8000 giveio.sys 4096 bytes
0xF7C02000 C:\windows\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7AF7000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x872F8053 00000167 4013 bytes
==============================================
>Stealth
==============================================
0x872F9995 Unknown page with executable code, 1643 bytes
0x872FA85D Unknown page with executable code, 1955 bytes
0x872F9769 Unknown page with executable code, 2199 bytes
0x872FA6BA Unknown page with executable code, 2374 bytes
0x872FC44C Unknown page with executable code, 2996 bytes
0x872FA2E4 Unknown page with executable code, 3356 bytes
0x872F72A1 Unknown page with executable code, 3423 bytes
0x872F721A Unknown page with executable code, 3558 bytes
0x872F8211 Unknown page with executable code, 3567 bytes
0x872F8053 Unknown page with executable code, 4013 bytes
0x872FA2CB Unknown thread object [ ETHREAD 0x87315DA8 ] TID: 152, 600 bytes
0x872FA9E3 Unknown thread object [ ETHREAD 0x87335B10 ] TID: 160, 600 bytes
0x872FB8C3 Unknown thread object [ ETHREAD 0x87330578 ] TID: 164, 600 bytes
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]
[1888]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->5CB77774 [shimeng.dll]
[1888]explorer.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A81188-->5CB77774 [shimeng.dll]
[1888]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->5CB77774 [shimeng.dll]
[1888]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->5CB77774 [shimeng.dll]
[1888]explorer.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->5CB77774 [shimeng.dll]
[1888]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->5CB77774 [shimeng.dll]
[1888]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->5CB77774 [shimeng.dll]
[1888]explorer.exe-->wininet.dll-->HttpAddRequestHeadersA, Type: Inline - RelativeJump 0x3D94CF5E-->016CDABA [unknown_code_page]
[1888]explorer.exe-->wininet.dll-->HttpAddRequestHeadersW, Type: Inline - RelativeJump 0x3D94FE59-->016CDBDF [unknown_code_page]
[1888]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->5CB77774 [shimeng.dll]
[1888]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->5CB77774 [shimeng.dll]
Just a bit of additional info - hope you don't mind -
In normal mode I no longer get 'smarthdd' opening and wanting to run. It has probably been hit so many times now by MSE.
I have also kept MSE updated and scan fully - the latest nasty found is -
Trojan:WIN32/CLEAMAN.G - indicated that this has been removed.
Rgds
Antioch
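The hidden-driver, Stealth and Hooks lines in the Rootkit UnHooker report above can be triaged mechanically. The following Python is an added example, not part of the original post or of the RkU tool; its sample input reuses a few lines from the report above, and its classification rules (shimeng.dll assumed to be the Windows application-compatibility shim engine, a jump that stays inside the patched module treated as benign, a hook landing in unknown_code_page treated as suspicious) are heuristic assumptions for an analyst to confirm, not verdicts.

```python
"""Triage helper for Rootkit UnHooker (RkU) report text (added example).
Parses the hidden-driver line, the >Stealth page lines and the >Hooks lines,
then classifies each hook by where the redirected code lands (heuristic)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: a few lines copied from the RkU report posted in the thread.
SAMPLE_LOG = """\
>Drivers
0xF7AF8000 giveio.sys 4096 bytes
!!!!!!!!!!!Hidden driver: 0x872F8053 00000167 4013 bytes
>Stealth
0x872F8053 Unknown page with executable code, 4013 bytes
0x872FA2CB Unknown thread object [ ETHREAD 0x87315DA8 ] TID: 152, 600 bytes
>Hooks
ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]
[1888]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->5CB77774 [shimeng.dll]
[1888]explorer.exe-->wininet.dll-->HttpAddRequestHeadersA, Type: Inline - RelativeJump 0x3D94CF5E-->016CDABA [unknown_code_page]
"""

# Assumption: shimeng.dll is the Windows application-compatibility shim engine,
# which legitimately redirects GetProcAddress through the import table.
EXPECTED_TARGETS = {"shimeng.dll"}

HOOK_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\](?P<proc>.+?)-->)?"            # optional [pid]process-->
    r"(?P<chain>.+?), Type: (?P<kind>.+?) "               # module chain, hook type
    r"0x(?P<src>[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+) "   # patched address --> target
    r"\[(?P<target>[^\]]+)\]$"                            # module RkU resolved for dst
)
HIDDEN_RE = re.compile(r"^!+Hidden driver: 0x(?P<addr>[0-9A-Fa-f]+) (?P<name>\S+) (?P<size>\d+) bytes$")
PAGE_RE = re.compile(r"^0x(?P<addr>[0-9A-Fa-f]+) Unknown page with executable code, (?P<size>\d+) bytes$")


@dataclass
class Hook:
    pid: int | None
    process: str | None
    chain: list          # e.g. ["advapi32.dll", "kernel32.dll", "GetProcAddress"]
    kind: str            # "IAT modification" or "Inline - RelativeJump"
    src: int
    dst: int
    target: str          # module owning dst, or "unknown_code_page"

    @property
    def hooked_module(self) -> str:
        return self.chain[0].split("+", 1)[0].lower()   # "ntoskrnl.exe+0x5B22" -> "ntoskrnl.exe"

    @property
    def function(self) -> str:
        return self.chain[-1]

    def verdict(self) -> str:
        t = self.target.lower()
        if t == "unknown_code_page":
            return "suspicious"   # control goes to memory backed by no loaded module
        if t == self.hooked_module:
            return "benign"       # the jump stays inside the patched module itself
        if t in EXPECTED_TARGETS:
            return "expected"
        return "review"


def parse_rku(text: str) -> dict:
    """Collect hooks, hidden drivers and unknown executable pages from an RkU report."""
    report = {"hooks": [], "hidden_drivers": [], "stealth_pages": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := HOOK_RE.match(line):
            report["hooks"].append(Hook(
                pid=int(m["pid"]) if m["pid"] else None, process=m["proc"],
                chain=m["chain"].split("-->"), kind=m["kind"],
                src=int(m["src"], 16), dst=int(m["dst"], 16), target=m["target"]))
        elif m := HIDDEN_RE.match(line):
            report["hidden_drivers"].append((int(m["addr"], 16), m["name"], int(m["size"])))
        elif m := PAGE_RE.match(line):
            report["stealth_pages"].append((int(m["addr"], 16), int(m["size"])))
    return report


def triage(report: dict) -> list:
    """Return the findings an analyst should look at first, as one string each."""
    findings = []
    pages = dict(report["stealth_pages"])   # address -> size
    for addr, name, size in report["hidden_drivers"]:
        note = f"hidden driver {name} at {addr:#010x} ({size} bytes)"
        if pages.get(addr) == size:
            # Same address and size as a >Stealth page: one object seen two ways.
            note += ", same region as an unknown executable page"
        findings.append(note)
    for h in report["hooks"]:
        if h.verdict() == "suspicious":
            where = f"[{h.pid}]{h.process} " if h.pid is not None else ""
            findings.append(f"{where}{h.hooked_module}!{h.function}: {h.kind} -> {h.dst:#010x} in {h.target}")
    return findings
```

Run over the full report, the hooks into shimeng.dll all fall out as "expected" and the two wininet.dll hooks plus the hidden driver are what remain to explain.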
Scolabar SWW Honors Graduate
Joined: 24 Aug 2011 Last Visit: 27 Jun 2012 Posts: 105
Posted: Sun Apr 22, 2012 10:12 pm Post subject:
Hi Antioch,
Thank you for the Rootkit UnHooker log and feedback.
Please Note: I would be grateful if you could please follow the instructions exactly as provided, and nothing more. By not doing so, problems can result further down the line, potentially causing the cleanup process to take much longer.
Antioch wrote: "... I may have signed in as User and not Administrator ..."
All the instructions provided will require you to be logged in using a user account with administrative privileges, unless otherwise instructed.
Antioch wrote: "I have my XP and SP2 discs."
That's good to know.
Again, please remember to read the instructions below carefully before executing, and perform the steps in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.
Before proceeding please make sure any open programs are closed.
Step 1:
ERUNT - Emergency Recovery Utility NT
Before continuing we will try to back up the Registry with ERUNT.
ERUNT (Emergency Recovery Utility NT) by Lars Hederer is a free program that allows you to create a complete backup of your registry and restore it when needed.
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
- Please download ERUNT and save it to your Desktop.
- Double-click on erunt-setup.exe to run the installation process.
Note: If the Open File - Security Warning window pops up, click on the Run button.
- Install ERUNT by following the prompts using the default installation settings.
- Make sure the first two check boxes Create ERUNT desktop icon and Create NTREGOPT desktop icon are checked.
- When you reach the section that asks you to add ERUNT to the Start-Up folder, click on the No button. This can be enabled later, if required.
- In the final screen make sure the Show documentation option is unchecked. Then click on the Finish button.
- Click on the OK button in the Welcome! screen.
- Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT\DD-MM-YYYY (where DD-MM-YYYY is the date of the backup) which is fine.
- Under Backup options, make sure both of the first two options, System registry and Current user registry, are checked.
- Click on the Yes button to allow the folder to be created.
After a short duration the Registry backup is complete! pop-up message will appear.
- Now click on OK. A registry backup has now been created.
< STOP > If you are unable to complete this step successfully, < STOP > do not continue with any fix steps, let me know immediately in your next post!
Step 2:
TDSSKiller - Scan
Please run the TDSSKiller tool exactly as previously instructed and post the contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt file into your next reply.
Step 3:
Security Check
Please run the Security Check tool as previously instructed and post the contents of the SecurityCheck.exe file into your next reply.
Step 4:
Include in Next Post
- Did you have any problems carrying out the instructions?
- TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt.
- SecurityCheck.exe.
- Do you have the original Windows installation media for your PC?
Scolabar
Antioch Junior Member
Joined: 16 Aug 2009 Last Visit: 25 Jun 2012 Posts: 38
Posted: Mon Apr 23, 2012 1:10 am Post subject: SMART HDD
Hi Scolabar
I thought I had been following your instructions exactly.
My apologies if I have not been doing so.
I did mention that I was only able to access the net in a roundabout way via User Computer Administrator. But then nothing saves to the desktop except a folder, which is created when I save something but appears to be only temporary.
When I login as Computer Administrator, everything I download is saved to the desktop and remains there.
Also, Admin gives me a link from 'Start' to the net and allows me to save links in IE favourites.
I don't know why there is a difference, as it is my understanding that I had/have full admin privileges in both. The only other type of account is for guest.
I think it best to wait till you confirm which method I use to access the net and dll and install.
Rgds
Antioch
Scolabar SWW Honors Graduate
Joined: 24 Aug 2011 Last Visit: 27 Jun 2012 Posts: 105
Posted: Mon Apr 23, 2012 12:06 pm Post subject:
Hi Antioch,
Antioch wrote: "I thought I had been following your instructions exactly. My apologies if I have not been doing so."
Not to worry. No harm done.
The following two statements appear to be contradictory:
Antioch wrote: "... via User Computer Administrator. But then nothing saves to the desktop, but a folder, ..." and "... When I login as Computer Administrator, everything I download is saved to the desktop and remains there."
... unless you mean two separate users named User Computer Administrator and Computer Administrator. Additionally, the OTL log shows the tool was run whilst logged in as the user Richard Administrato which does not appear to tie in.
My apologies. I wrongly assumed that, having downloaded and posted the logs for the OTL and Rootkit UnHooker tools, you would be able to use the same method for the next round of tools.
Hopefully the following instructions will reveal your programs and files - and keep them revealed - to allow us to continue to deal with the additional issues that your logs have revealed so far.
Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.
Before proceeding please make sure any open programs are closed.
Step 1:
Safe Mode
Login using Safe Mode with Networking as before.
Step 2:
Unhide Tool
Let's see if this tool will reveal your missing programs and data, and keep them revealed.
- Please download Unhide and Save it to your Desktop. <-- If necessary, save the file to a directory on the Desktop and run the tool from there.
- Double-click on unhide.exe to run the program.
- Please let me know the result of running this tool in your next post.
Step 3:
Continuation
If the previous step has worked and you are able to view and access your programs and files again, then please continue with the set of instructions provided in my last post and post the requested logs.
Scolabar
Antioch Junior Member
Joined: 16 Aug 2009 Last Visit: 25 Jun 2012 Posts: 38
Posted: Mon Apr 23, 2012 2:20 pm Post subject: SMART HDD
Hi Scolabar
"The following two statements appear to be contradictory:"
Yes they do - the User Comp Admin is me, Richard.
What I discovered was that under my name I had to open the folder into which the dll was saved and NOT save to the desktop.
However, using the Administrator Account all your suggested dll's saved to the desktop - hope you understand that. Apologies again.
I did not proceed as the named administrator was a very long-winded method, plus I had to negotiate rogue search engines which kept 'diverting' me.
Using Administrator was quick as I had a direct link to IE from the Start list and had no troublesome search sites. So I waited for your advice as to which method I should use.
My desktop now has all the folders etc. showing. After completion I exited the cmd window and had a popup show twice asking me to get 'dead sea kit free' - it seems to have gone now.
However, I have to open the desktop every time I need to use it as all the icons disappeared as soon as I opened IE.
I will move on to the ERUNT run as I now have a desktop and hope to continue on the infected computer.
Rgds
Antioch
Antioch Junior Member
Joined: 16 Aug 2009 Last Visit: 25 Jun 2012 Posts: 38
Posted: Mon Apr 23, 2012 4:41 pm Post subject: SMART HDD
Hi Scolabar
To continue -
Next post requirements -
1. No problems encountered - ERUNT ran ok and I have a full desktop showing. No interference when connecting and browsing on the net.
2. TDSSKiller
00:12:13.0578 1896 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
00:12:13.0718 1896 ============================================================
00:12:13.0718 1896 Current date / time: 2012/04/24 00:12:13.0718
00:12:13.0718 1896 SystemInfo:
00:12:13.0718 1896
00:12:13.0718 1896 OS Version: 5.1.2600 ServicePack: 3.0
00:12:13.0718 1896 Product type: Workstation
00:12:13.0718 1896 ComputerName: RICHARD
00:12:13.0718 1896 UserName: Richard Administrato
00:12:13.0718 1896 Windows directory: C:\windows
00:12:13.0718 1896 System windows directory: C:\windows
00:12:13.0718 1896 Processor architecture: Intel x86
00:12:13.0718 1896 Number of processors: 2
00:12:13.0718 1896 Page size: 0x1000
00:12:13.0718 1896 Boot type: Safe boot with network
00:12:13.0718 1896 ============================================================
00:12:16.0078 1896 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:12:16.0078 1896 ============================================================
00:12:16.0078 1896 \Device\Harddisk0\DR0:
00:12:16.0078 1896 MBR partitions:
00:12:16.0078 1896 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
00:12:16.0078 1896 ============================================================
00:12:16.0093 1896 C: <-> \Device\Harddisk0\DR0\Partition0
00:12:16.0093 1896 ============================================================
00:12:16.0093 1896 Initialize success
00:12:16.0093 1896 ============================================================
00:12:35.0078 0576 ============================================================
00:12:35.0078 0576 Scan started
00:12:35.0078 0576 Mode: Manual;
00:12:35.0078 0576 ============================================================
00:12:35.0968 0576 .afd - ok
00:12:36.0125 0576 7BD0FE40 - ok
00:12:36.0156 0576 Abiosdsk - ok
00:12:36.0187 0576 abp480n5 - ok
00:12:36.0265 0576 ACPI (8fd99680a539792a30e97944fdaecf17) C:\windows\system32\DRIVERS\ACPI.sys
00:12:36.0281 0576 ACPI - ok
00:12:36.0312 0576 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\windows\system32\drivers\ACPIEC.sys
00:12:36.0312 0576 ACPIEC - ok
00:12:36.0390 0576 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:12:36.0406 0576 AdobeFlashPlayerUpdateSvc - ok
00:12:36.0421 0576 adpu160m - ok
00:12:36.0484 0576 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys
00:12:36.0484 0576 aec - ok
00:12:36.0515 0576 AFD (c1ba2f19e6b7ee197f1b6f138e882cd4) C:\windows\System32\drivers\afd.sys
00:12:36.0531 0576 AFD ( Virus.Win32.ZAccess.k ) - infected
00:12:36.0531 0576 AFD - detected Virus.Win32.ZAccess.k (0)
00:12:36.0546 0576 Aha154x - ok
00:12:36.0578 0576 aic78u2 - ok
00:12:36.0593 0576 aic78xx - ok
00:12:36.0656 0576 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\windows\system32\alrsvc.dll
00:12:36.0656 0576 Alerter - ok
00:12:36.0687 0576 ALG (8c515081584a38aa007909cd02020b3d) C:\windows\System32\alg.exe
00:12:36.0687 0576 ALG - ok
00:12:36.0703 0576 AliIde - ok
00:12:36.0734 0576 amsint - ok
00:12:36.0765 0576 AppMgmt - ok
00:12:36.0921 0576 AR9271 (3bc98a53c0abe3feb3b2b9b3bd9e7aa5) C:\windows\system32\DRIVERS\athuw.sys
00:12:36.0953 0576 AR9271 - ok
00:12:37.0000 0576 asc - ok
00:12:37.0031 0576 asc3350p - ok
00:12:37.0062 0576 asc3550 - ok
00:12:37.0187 0576 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
00:12:37.0203 0576 aspnet_state - ok
00:12:37.0234 0576 asusgsb (d320732bcf5ff856120bd06855c66867) C:\windows\system32\drivers\asusgsb.sys
00:12:37.0234 0576 asusgsb - ok
00:12:37.0265 0576 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys
00:12:37.0281 0576 AsyncMac - ok
00:12:37.0328 0576 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys
00:12:37.0328 0576 atapi - ok
00:12:37.0343 0576 Atdisk - ok
00:12:37.0390 0576 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys
00:12:37.0406 0576 Atmarpc - ok
00:12:37.0437 0576 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\windows\System32\audiosrv.dll
00:12:37.0437 0576 AudioSrv - ok
00:12:37.0484 0576 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys
00:12:37.0484 0576 audstub - ok
00:12:37.0546 0576 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys
00:12:37.0546 0576 Beep - ok
00:12:37.0625 0576 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
00:12:37.0671 0576 BITS - ok
00:12:37.0703 0576 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\windows\System32\browser.dll
00:12:37.0703 0576 Browser - ok
00:12:37.0750 0576 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys
00:12:37.0750 0576 cbidf2k - ok
00:12:37.0781 0576 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\windows\system32\DRIVERS\CCDECODE.sys
00:12:37.0781 0576 CCDECODE - ok
00:12:37.0796 0576 cd20xrnt - ok
00:12:37.0859 0576 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys
00:12:37.0859 0576 Cdaudio - ok
00:12:37.0875 0576 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys
00:12:37.0890 0576 Cdfs - ok
00:12:37.0921 0576 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\windows\system32\DRIVERS\cdrom.sys
00:12:37.0921 0576 Cdrom - ok
00:12:37.0937 0576 cesvizww - ok
00:12:37.0968 0576 Changer - ok
00:12:38.0000 0576 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\windows\system32\cisvc.exe
00:12:38.0000 0576 CiSvc - ok
00:12:38.0062 0576 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\windows\system32\clipsrv.exe
00:12:38.0062 0576 ClipSrv - ok
00:12:38.0140 0576 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:12:38.0156 0576 clr_optimization_v2.0.50727_32 - ok
00:12:38.0187 0576 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:12:38.0203 0576 clr_optimization_v4.0.30319_32 - ok
00:12:38.0218 0576 CmdIde - ok
00:12:38.0250 0576 COMSysApp - ok
00:12:38.0312 0576 Cpqarray - ok
00:12:38.0343 0576 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\windows\System32\cryptsvc.dll
00:12:38.0343 0576 CryptSvc - ok
00:12:38.0359 0576 dac2w2k - ok
00:12:38.0390 0576 dac960nt - ok
00:12:38.0468 0576 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\windows\system32\rpcss.dll
00:12:38.0546 0576 DcomLaunch - ok
00:12:38.0593 0576 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\windows\System32\dhcpcsvc.dll
00:12:38.0609 0576 Dhcp - ok
00:12:38.0656 0576 Disk (044452051f3e02e7963599fc8f4f3e25) C:\windows\system32\DRIVERS\disk.sys
00:12:38.0656 0576 Disk - ok
00:12:38.0671 0576 dmadmin - ok
00:12:38.0765 0576 dmboot (d992fe1274bde0f84ad826acae022a41) C:\windows\system32\drivers\dmboot.sys
00:12:38.0781 0576 dmboot - ok
00:12:38.0812 0576 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\windows\system32\drivers\dmio.sys
00:12:38.0828 0576 dmio - ok
00:12:38.0843 0576 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys
00:12:38.0859 0576 dmload - ok
00:12:38.0875 0576 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\windows\System32\dmserver.dll
00:12:38.0890 0576 dmserver - ok
00:12:38.0921 0576 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys
00:12:38.0921 0576 DMusic - ok
00:12:38.0953 0576 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\windows\System32\dnsrslvr.dll
00:12:38.0968 0576 Dnscache - ok
00:12:39.0000 0576 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\windows\System32\dot3svc.dll
00:12:39.0000 0576 Dot3svc - ok
00:12:39.0031 0576 dpti2o - ok
00:12:51.0531 0576 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:12:51.0562 0576 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
00:12:51.0562 0576 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
00:12:51.0578 0576 Boot (0x1200) (2a9d442aec11693cf647324739ad9408) \Device\Harddisk0\DR0\Partition0
00:12:51.0578 0576 \Device\Harddisk0\DR0\Partition0 - ok
00:12:51.0593 0576 ============================================================
00:12:51.0593 0576 Scan finished
00:12:51.0593 0576 ============================================================
00:12:51.0671 2016 Detected object count: 2
00:12:51.0671 2016 Actual detected object count: 2
00:34:29.0531 2016 AFD ( Virus.Win32.ZAccess.k ) - skipped by user
00:34:29.0531 2016 AFD ( Virus.Win32.ZAccess.k ) - User select action: Skip
00:34:29.0546 2016 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - skipped by user
00:34:29.0546 2016 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Skip
00:36:37.0109 0492 Deinitialize success
3. SecurityCheck
Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
```````````````````````````````
Anti-malware/Other Utilities Check:
SpywareBlaster 4.6
Java(TM) 6 Update 29
Java version out of date!
Adobe Flash Player 10.3.181.14 Flash Player out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````
4. I can confirm I have WIN XP and SP3 discs.
I can also confirm that MSE does not show in the notification area.
Nice to know the firewall is in place.
Rgds
Antioch
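Added here as an illustration, not part of the thread: a small Python triage helper for log output in the TDSSKiller format posted above. It parses the scanned-module lines, the threat lines and the action the user chose, and lists what was found but not cured, since choosing Skip leaves the object in place. The sample log is constructed, modelled on the lines above, with one hypothetical cured entry added so both outcomes are exercised.

```python
"""Triage helper for TDSSKiller-style logs (added example, not part of the original thread)."""
import re
from dataclasses import dataclass, field

# Every log line looks like: "HH:MM:SS.mmmm <pid> <message>"
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# "<object> ( <Threat.Name> ) - infected" / "- skipped by user" / "- User select action: Skip"
THREAT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<threat>[^)]+) \) - (?P<status>.+)$")
# "<object> - detected <Threat.Name> (0)"
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>\S+)")
# "<service-or-driver> (<md5>) <path>"  -- one line per scanned module
MODULE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")


@dataclass
class Finding:
    obj: str
    threat: str
    actions: list = field(default_factory=list)

    @property
    def remediated(self) -> bool:
        # Only an explicit non-Skip choice (Cure, Delete, ...) changes anything on disk;
        # "skipped by user" / "User select action: Skip" means the object is still there.
        return any(a.startswith("User select action:") and "Skip" not in a for a in self.actions)


def parse_log(text: str):
    """Return ({object: Finding}, {module: (md5, path)}) for one TDSSKiller log."""
    findings, modules = {}, {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        t = THREAT_RE.match(msg)
        if t:
            f = findings.setdefault(t["obj"], Finding(t["obj"], t["threat"]))
            f.actions.append(t["status"])
            continue
        d = DETECTED_RE.match(msg)
        if d:
            findings.setdefault(d["obj"], Finding(d["obj"], d["threat"]))
            continue
        mod = MODULE_RE.match(msg)
        if mod:
            modules[mod["name"]] = (mod["md5"], mod["path"])
    return findings, modules


def summarize(text: str) -> dict:
    """Cross-check the tool's own detection count against what we parsed and list what is left."""
    findings, modules = parse_log(text)
    declared = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m and m["msg"].startswith("Actual detected object count:"):
            declared = int(m["msg"].rsplit(":", 1)[1])
    return {
        "modules_scanned": len(modules),
        "declared_detections": declared,
        "parsed_detections": len(findings),
        "outstanding": sorted(f"{f.obj} ({f.threat})" for f in findings.values() if not f.remediated),
    }


# Constructed sample, modelled on the log above. The md5 and the "Trojan.Constructed.Example"
# entry are made up; the two real detections mirror what the thread's log reported.
SAMPLE_LOG = r"""00:12:39.0062 0576 drmkaud (0123456789abcdef0123456789abcdef) C:\windows\system32\drivers\drmkaud.sys
00:12:39.0062 0576 drmkaud - ok
00:12:51.0562 0576 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
00:12:51.0562 0576 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
00:12:51.0578 0576 \Device\Harddisk0\DR0\Partition0 - ok
00:12:51.0671 2016 Detected object count: 3
00:12:51.0671 2016 Actual detected object count: 3
00:34:29.0531 2016 AFD ( Virus.Win32.ZAccess.k ) - skipped by user
00:34:29.0531 2016 AFD ( Virus.Win32.ZAccess.k ) - User select action: Skip
00:34:29.0546 2016 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - skipped by user
00:34:29.0546 2016 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Skip
00:34:29.0600 2016 foo ( Trojan.Constructed.Example ) - User select action: Cure
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the log in the thread, it reports both the AFD object and the MBR as outstanding, which is the state Scolabar's reply below responds to.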
Scolabar SWW Honors Graduate
Joined: 24 Aug 2011 Last Visit: 27 Jun 2012 Posts: 105
Posted: Tue Apr 24, 2012 3:43 am Post subject:
Hi Antioch,
I am afraid I have some bad news for you.
Rootkit Warning
Your computer shows signs of multiple infections, including Rootkit infections.
A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.
You are strongly advised to do the following:
- Disconnect the computer from the Internet and from any networked computers until it is cleaned.
- Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
- From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, any online activity you perform, requiring a username and password).
Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.
- Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again.
Many experts in the security community believe that once infected with this type of infection, the best course of action would be to do a reformat and re-installation of the operating system (OS).
This decision will have to be made by you.
An attempt can be made to clean this machine but there will be no guarantee that it won't still be compromised, afterwards.
To help you understand more, please take some time to read the following articles:
When should I re-format and reinstall my OS
What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
How and Where to backup your files
Restoring your backups
Please confirm how you would like to proceed.
If you should decide to reformat and reinstall I recommend you do the following:
Advisory - Hard Disk Formatting
When reformatting the hard disk it is advisable to select the low-level format (writing zeros - one pass is sufficient unless you are really paranoid) option. Although this does take considerably longer depending on the size of the hard disk, it is the safest way to make sure you wipe all traces of data from the drive.
If you should decide to go ahead and try to remove the infections please continue with the instructions below:
Step 1:
Backup MBR
As a precaution I am going to ask you to back up your PC's Master Boot Record:
- Please download MBRBackup © Mischel Internet Security Ltd and save it to your Desktop.
- Double-click MBRBackup.exe to launch the program.
- Click SaveMBR (top left corner) and save the backup file to your Desktop.
- It will have a name similar to MBR_2010-10-06.bin where the numbers correspond to the date the backup was made.
- Exit the program.
- I strongly advise that you keep a copy of this backup stored on an external device - on an external hard drive, CD/DVD or USB flash drive - in case we need it. An infected MBR is better than none at all!
Step 2:
TDSSKiller
Please download TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
- Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
- Click the Start Scan button. Do not use the computer during the scan!
- If the scan completes with nothing found, click Close to exit.
- If malicious objects are found, they will show in the Scan results - Select action for found objects and offer 3 options.
Ensure Cure (default) is selected and then click Continue > Reboot now to finish the cleaning process.
- A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually the local disk - C: drive).
- Copy and Paste the entire contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt file into your next reply.
Step 3:
OTL - Script
Next, we need to run an OTL Fix.
- Double-click on OTL.exe to run the program.
- Copy and Paste the following code into the textbox. Do not include the word Code.
Code:
:otl
IE - HKU\S-1-5-21-527237240-602609370-682003330-1004\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll File not found
O2 - BHO: (no name) - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - No CLSID value found.
O3 - HKU\S-1-5-21-527237240-602609370-682003330-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [dplaysvr] C:\Documents and Settings\Richard Administrato\Application Data\dplaysvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-527237240-602609370-682003330-1004..\Run: [dplaysvr] C:\Documents and Settings\Richard Administrato\Application Data\dplaysvr.exe (Microsoft Corporation)
O7 - HKU\S-1-5-21-527237240-602609370-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O15 - HKU\S-1-5-21-527237240-602609370-682003330-1004\..Trusted Domains: uttlesford.gov.uk ([www] http in Trusted sites)
O33 - MountPoints2\{2a1860a8-ad66-11e0-b5b6-0013d4c3a2b0}\Shell\AutoRun\command - "" = E:\AutoInst.exe
[2012/04/16 22:36:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Richard Administrato\Start Menu\Programs\SMART HDD
[2012/04/16 21:16:13 | 000,102,952 | -HS- | C] (Microsoft Corporation) -- C:\Documents and Settings\Richard Administrato\Application Data\dplaysvr.exe
[5 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Documents and Settings\Richard Administrato\*.tmp files -> C:\Documents and Settings\Richard Administrato\*.tmp -> ]
@Alternate Data Stream - 630 bytes -> C:\windows\System32\drivers\hfpxywkk.sys:changelist
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
:services
hfpxywkk
cesvizww
ncviiuch
qisgjdvk
wvmkpjtg
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe"=-
"C:\WINDOWS\system32\dxdiag.exe"=-
"C:\Program Files\1ClickDownload\1ClickDownload.exe"=-
:files
C:\Documents and Settings\All Users\Application Data\-0hmH552dWwkvWdr
C:\Documents and Settings\All Users\Application Data\-0hmH552dWwkvWd
C:\Documents and Settings\All Users\Application Data\0hmH552dWwkvWd
C:\Documents and Settings\Richard Administrato\Application Data\dplaysvr.exe
C:\Documents and Settings\Richard Administrato\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
C:\Documents and Settings\Richard Administrato\Start Menu\Programs\SMART HDD
C:\WINDOWS\system32\drivers\cesvizww.sys
C:\windows\System32\drivers\hfpxywkk.sys
C:\windows\system32\drivers\ncviiuch.sys
C:\windows\system32\drivers\qisgjdvk.sys
C:\windows\system32\drivers\wvmkpjtg.sys
:commands
[PURITY]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[REBOOT]
|
Then click the Run Fix button at the top.
Click .
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
Step 4:
Include in Next Post
- Did you have any problems carrying out the instructions?
- TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt.
- OTL Fix Report.
- How is the computer now running?
Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
_________________
Malware Removal University - You too could train to help others
Member of ASAP and UNITE
Antioch Junior Member
Joined: 16 Aug 2009 Last Visit: 25 Jun 2012 Posts: 38
Posted: Tue Apr 24, 2012 6:20 am Post subject: SMART HDD
Hi Scolabar
I agree with you that with such an infection, the only way from here is to do a clean install of XP.
I can't say that I look forward to all Black Tuesday updates but at least I have most of them on disc and I had to do it when I bought a new HDD 12 months ago. And I also have gone through this for friends and family.
I take note of all the advice in your post.
Thank you very much for your help. You all do a tremendous job at SW.
Rgds
Antioch
Scolabar SWW Honors Graduate
Joined: 24 Aug 2011 Last Visit: 27 Jun 2012 Posts: 105
Posted: Tue Apr 24, 2012 9:08 am Post subject:
Hi Antioch,
I am sorry I could not provide better news and don't envy you your task, but I believe you have made the right decision.
Below are some instructions I generally include once a computer has been declared clear of infection, which you should find helpful. These will still be relevant once the reformatting and reinstallation of your computer has been completed:
Step 1:
Security Vulnerabilities
I cannot stress how important it is to keep your security software up-to-date. In particular, if you don't keep your Operating System and Internet Explorer up-to-date the computer will be open to re-infection. It is important to make sure that the Windows Security Center service is running even if you prefer to manage the system updates manually, as indeed I do.
The same equally applies to the programs you use.
Note: Both the Java Runtime Environment and Flash Player software were outdated versions on the infected system.
Please see the Further Guidelines section below for more information about the outdated programs on your infected system and for keeping your programs up-to-date in future.
Step 2:
Improve Your Computer's Security
MalwareBytes' AntiMalware
It is worth keeping MalwareBytes' AntiMalware and installing it on your re-installed system. Updating the program and running a scan once every couple of weeks will help you to keep malware free.
SpywareBlaster
It is also worth installing Javacool's SpywareBlaster on your re-installed system. If you are using the free version make sure you manually check for updates on a regular basis - at least once a month.
Below are some additional (free) programs, that can help improve your computer's security.
Many feel that having a "layered" protection scheme is beneficial, you'll have to decide what works best for your situation. You may like to give them a try.
WinPatrol
Download it from Copyright © BillP Studios.
Information about how WinPatrol works, is available Here.
(The free version of WinPatrol provides limited real-time protection.)
Web of Trust (WOT)
Install Web of Trust (WOT). WOT keeps you from dangerous websites with warnings and blockings.
You can find more information about the program and download it from Here .
MVPS Hosts
For added protection you may also like to add a hosts file. A simple explanation of what a Hosts file does is provided here.
Install MVPS Hosts File from here.
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can read the Tutorial here.
Panda USB Vaccine
Protect your computer from removable or USB drive infections with Panda USB Vaccine. It is an effective method of preventing the spread of malware.
You can download and learn more about this product from Here.
Step 3:
Program Advisories
Below are some general advisories about programs to avoid.
Advisory - P2P File Sharing Software
P2P File Sharing Programs are used as a major conduit for spreading malware infection to computer systems these days.
P2P programs (such as Ares, Azureus, BitTornado, Limewire, Kazaa, µTorrent, etc.) open up access to the computer on which the program is installed. The computer's settings are more often than not changed in a manner that renders the computer insecure and access to the computer remains open even when the program is not in use. Consequently, the system's security is completely compromised.
So be aware that it is not just what is downloaded that causes problems, just having a P2P program installed is like leaving all the doors to your house unlocked.
I advise you take the time to read the following articles that explain the risk of installing these programs:
Advisory - Registry Cleaners
I do not recommend the use of ANY Registry Cleaner software (examples: IObit Advanced SystemCare 4, RegClean Pro, RegWork, Uniblue RegistryBooster - to mention just a few).
Here is an excerpt from a discussion on Registry Cleaners:
| Quote: |
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference.
If it doesn't work properly you may end up with an expensive doorstop. |
Registry Cleaners and System Tweaking Tools
Regcleaner, no longer recommended
Step 4:
Further Guidelines
Please follow these simple guidelines in order to help keep your computer more secure:
If your computer is running slowly after your clean up, please read:
What to do if your Computer is running slowly
Good luck with the reinstallation and stay safe.
Please let me know when you have read this post and I will arrange for this topic to be closed.
Scolabar
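The O1 line in the OTL fix above (94.63.147.17 www.bing.com) and the MVPS Hosts advice are two sides of the same mechanism: a HOSTS entry that points a name at 127.0.0.1 or 0.0.0.0 sinkholes it on the local machine, while one that points a name at any other address quietly sends the browser to a host someone else controls. The script below is an added example for this thread, not part of Scolabar's instructions or of the OTL or MVPS tools. It parses HOSTS text and separates blocking entries from redirects. SAMPLE_HOSTS is constructed: the www.bing.com line reuses the address from the OTL log on this page, the www.google.com line is invented for illustration.

```python
"""Triage a Windows HOSTS file for hijacked entries.

Added example: a blocking entry (MVPS style) sends a hostname to 127.0.0.1
or 0.0.0.0, so the connection fails locally; a hijack sends a hostname to
a live address controlled by someone else, which is what the O1 line in the
OTL log above does to www.bing.com. This script separates the two.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed sample HOSTS content. The www.bing.com line reuses the address
# from the OTL log on this page; the www.google.com line is invented.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0 ad.doubleclick.net          # MVPS-style block entry
127.0.0.1 adserver.example.com      # older MVPS style, same effect
94.63.147.17 www.bing.com
94.63.147.17 www.google.com
::1 localhost
"""


@dataclass
class HostsEntry:
    line_no: int
    ip: str
    hostname: str
    verdict: str  # "ok", "blocked", "hijack" or "malformed"


def classify(ip: ipaddress.IPv4Address | ipaddress.IPv6Address, hostname: str) -> str:
    """Decide what a single ip/hostname pair does."""
    # The stock XP line maps localhost to a loopback address: expected.
    if hostname.lower() == "localhost" and ip.is_loopback:
        return "ok"
    # Loopback (127.0.0.1) and unspecified (0.0.0.0) targets sinkhole the
    # name on the local machine: this is how the MVPS file blocks ad sites.
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"
    # Anything else resolves the name to a real, reachable host: the browser
    # will silently talk to that address instead of the genuine site.
    return "hijack"


def parse_hosts(text: str) -> list[HostsEntry]:
    """Parse HOSTS text into classified entries, one per hostname."""
    entries: list[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            entries.append(HostsEntry(line_no, fields[0], "", "malformed"))
            continue
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            for name in names:
                entries.append(HostsEntry(line_no, ip_text, name, "malformed"))
            continue
        # One line may map several names to the same address.
        for name in names:
            entries.append(HostsEntry(line_no, ip_text, name, classify(ip, name)))
    return entries


def hijacked(text: str) -> list[HostsEntry]:
    """Return only the entries that redirect a name to a non-local address."""
    return [e for e in parse_hosts(text) if e.verdict == "hijack"]


if __name__ == "__main__":
    for e in parse_hosts(SAMPLE_HOSTS):
        print(f"line {e.line_no:2}: {e.verdict:9} {e.ip:15} {e.hostname}")
```

On a real machine the input would be the contents of C:\WINDOWS\system32\drivers\etc\hosts. Once even one "hijack" entry turns up, the rest of the file cannot be trusted either, which is why the OTL script above uses [RESETHOSTS] to restore the default file rather than deleting the one bad line.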
Antioch Junior Member
Joined: 16 Aug 2009 Last Visit: 25 Jun 2012 Posts: 38
Posted: Tue Apr 24, 2012 4:41 pm Post subject: SMART HDD
Hi Scolabar
Many thanks for your 'straight and honest' reply and the mass of info which is now saved to disc. Though I would question the clearing of the 'temp' via disk cleanup - there is another temp file that in XP, can grow and grow. And I would caution cleaning out too many restore points in XP with MSE on your system as they do not always work as I have found - one can also get a huge build-up in the Software Distribution folder[240MB since end of Jan 2012].
But the article has all good stuff and to my mind better than just giving somebody a link to a cleaner to do it for you - they always forget to warn about the reg cleaner included in such software.
MSE did spot the intrusion but not quick enough to clean it off the system completely. And what is most annoying is that I am so fastidious about security and keeping the system at peak performance. Years of following MS newsgroups[R.I.P] and now the Answer forums. Like yourself here in SW, they give many hours of their time to help others - I have never been let down by any of the MVPs, nor here in SW or the late CastleCops - [Paul and Robin].
Dont mention Reg Cleaners - snake oil the lot of them. In the forums I frequent, I always quote the below - page down to Bill Castner wrote
http://aumha.net/viewtopic.php?t=28099
AND this one -
http://www.knowthenetwork.com/2009/01/the-myth-of-registry-cleaners/
I have a collection of quotes from just about every MVP and I just throw them one after the other.
It silences the avid promoters/users who fail to give any form of 'health warning' when they plug their use. If I need to go into the registry then I get an expert to guide me - and likewise with infections, I come here. I know nothing about either - not a clue on the reg entries and certainly not any of the saved files you have asked for.
Do keep up the good work that you and your associates do for us idiots and I wish you well.
Yes - topic closed - agreed.
Rgds
Antioch
Scolabar SWW Honors Graduate
Joined: 24 Aug 2011 Last Visit: 27 Jun 2012 Posts: 105
Posted: Wed Apr 25, 2012 2:56 am Post subject:
Hi Antioch,
Thank you for the update and kind wishes.
I will now arrange for this topic to be closed.
Scolabar
Cypher Moderator
Joined: 05 Jul 2009 Last Visit: 24 May 2013 Posts: 4045 Location: Land Of The Leprechauns
Posted: Wed Apr 25, 2012 6:53 am Post subject:
| Quote: |
As your issues will be resolved with a reformat, this topic is now closed.
If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations
Admin/Teacher at Malware Removal University